From 9c73aabcce9ebeab2783268fd2ab7fb179feb910 Mon Sep 17 00:00:00 2001
From: wencaiwulue <895703375@qq.com>
Date: Mon, 20 Feb 2023 21:38:33 +0800
Subject: [PATCH] feat: add cap for supporting dlv debug
---
 build/dlv.Dockerfile | 7 +++++++
 pkg/dev/convert.go | 10 ++++++----
 pkg/dev/option.go | 1 +
 pkg/dev/run.go | 2 +-
 pkg/util/cp/cp.go | 2 +-
 5 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100644 build/dlv.Dockerfile
diff --git a/build/dlv.Dockerfile b/build/dlv.Dockerfile
new file mode 100644
index 00000000..4a2bdc33
--- /dev/null
+++ b/build/dlv.Dockerfile
@@ -0,0 +1,7 @@
+FROM golang:1.19 as delve
+RUN curl --location --output delve-1.20.1.tar.gz https://github.com/go-delve/delve/archive/v1.20.1.tar.gz \
+ && tar xzf delve-1.20.1.tar.gz
+RUN cd delve-1.20.1 && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /go/dlv -ldflags '-extldflags "-static"' ./cmd/dlv/
+FROM busybox
+WORKDIR /duct-tape
+COPY --from=delve /go/dlv go/bin/
\ No newline at end of file
diff --git a/pkg/dev/convert.go b/pkg/dev/convert.go
index 14d67d3c..b81849ba 100644
--- a/pkg/dev/convert.go
+++ b/pkg/dev/convert.go
@@ -96,6 +96,7 @@ func ConvertKubeResourceToContainer(namespace string, temp v1.PodTemplateSpec, e
 VolumeDriver: "",
 VolumesFrom: nil,
 ConsoleSize: [2]uint{},
+ CapAdd: strslice.StrSlice{"SYS_PTRACE", "SYS_ADMIN"}, // for dlv
 CgroupnsMode: "",
 DNS: dnsConfig.Servers,
 DNSOptions: []string{fmt.Sprintf("ndots=%d", dnsConfig.Ndots)},
@@ -107,10 +108,10 @@ func ConvertKubeResourceToContainer(namespace string, temp v1.PodTemplateSpec, e
 Links: nil,
 OomScoreAdj: 0,
 PidMode: "",
- Privileged: false,
+ Privileged: true,
 PublishAllPorts: false,
 ReadonlyRootfs: false,
- SecurityOpt: nil,
+ SecurityOpt: []string{"apparmor=unconfined", "seccomp=unconfined"},
 StorageOpt: nil,
 Tmpfs: nil,
 UTSMode: "",
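Review bot: The delve source tarball in build/dlv.Dockerfile is downloaded with curl and unpacked without any integrity check, so the debugger binary that ends up in dev containers is only as trustworthy as that single download. Verify the archive against a known digest before extracting, for example by inserting `&& echo "EXPECTED_SHA256_PLACEHOLDER  delve-1.20.1.tar.gz" | sha256sum -c - \` between the curl and tar steps (the digest is a placeholder to be filled in for v1.20.1), and add `--fail` to curl so an HTTP error body is never handed to tar. The final stage uses `FROM busybox` with no tag; pinning a tag or digest there would keep the resulting image reproducible.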
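Review bot: In pkg/dev/convert.go the host config now sets `Privileged: true`, adds `SYS_ADMIN` and disables AppArmor for every converted container, unconditionally; this applies to both the `@@ -96` hunk (CapAdd) and the `@@ -107` hunk (Privileged, SecurityOpt). The container is built from a cluster pod template, so workload code gets close to root-equivalent access to the developer's host even when nobody is debugging. ptrace-based debugging normally needs only `CapAdd: strslice.StrSlice{"SYS_PTRACE"}` and `SecurityOpt: []string{"seccomp=unconfined"}` with `Privileged: false`, and I would apply even those only behind an explicit opt-in debug option (none is visible in these hunks). As far as I know Docker gives a privileged container the full capability set, which would also make the pod's `Capabilities.Drop`, copied into CapDrop later in this function, ineffective. The struct literal starts and ends outside both hunks.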
@@ -138,7 +139,7 @@ func ConvertKubeResourceToContainer(namespace string, temp v1.PodTemplateSpec, e
 hostConfig.PortBindings = portmap
 config.ExposedPorts = portset
 if c.SecurityContext != nil && c.SecurityContext.Capabilities != nil {
- hostConfig.CapAdd = *(*strslice.StrSlice)(unsafe.Pointer(&c.SecurityContext.Capabilities.Add))
+ hostConfig.CapAdd = append(hostConfig.CapAdd, *(*strslice.StrSlice)(unsafe.Pointer(&c.SecurityContext.Capabilities.Add))...)
 hostConfig.CapDrop = *(*strslice.StrSlice)(unsafe.Pointer(&c.SecurityContext.Capabilities.Drop))
 }
 var suffix string
@@ -222,7 +223,8 @@ func GetVolume(ctx context.Context, f util.Factory, ns, pod string) (map[string]
 }
 err = copyOptions.Run()
 if err != nil {
- return nil, err
+ _, _ = fmt.Fprintf(os.Stderr, "Can not download volume %s path %s, ignore...", volumeMount.Name, volumeMount.MountPath)
+ continue
 }
 m = append(m, mount.Mount{
 Type: mount.TypeBind,
diff --git a/pkg/dev/option.go b/pkg/dev/option.go
index 8681a69f..30ffcc3b 100644
--- a/pkg/dev/option.go
+++ b/pkg/dev/option.go
@@ -44,6 +44,7 @@ func fillOptions(r Run, copts Options) error {
 } else {
 config.config.Entrypoint = strslice.StrSlice{copts.Entrypoint}
 }
+ config.config.Cmd = []string{}
 }
 if copts.Platform != "" {
 split := strings.Split(copts.Platform, "/")
diff --git a/pkg/dev/run.go b/pkg/dev/run.go
index 2e474f05..f97a7c81 100644
--- a/pkg/dev/run.go
+++ b/pkg/dev/run.go
@@ -45,7 +45,7 @@ func run(ctx context.Context, runConfig *RunConfig, cli *client.Client) (err err
 if needPull {
 var readCloser io.ReadCloser
 var plat string
- if runConfig.platform.Architecture != "" && runConfig.platform.OS != "" {
+ if runConfig.platform != nil && runConfig.platform.Architecture != "" && runConfig.platform.OS != "" {
 plat = fmt.Sprintf("%s/%s", runConfig.platform.OS, runConfig.platform.Architecture)
 }
 readCloser, err = cli.ImagePull(ctx, config.Image, types.ImagePullOptions{Platform: plat})
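Review bot: The new `append` onto hostConfig.CapAdd (pkg/dev/convert.go, `@@ -138`) still reinterprets `Capabilities.Add` as a `strslice.StrSlice` through `unsafe.Pointer`, which holds only while both element types share string's memory layout and is checked by neither the compiler nor vet. An explicit conversion is just as short: `for _, capName := range c.SecurityContext.Capabilities.Add { hostConfig.CapAdd = append(hostConfig.CapAdd, string(capName)) }`, and the same loop shape would replace the cast on the CapDrop line below. The enclosing function starts and ends outside the hunk.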
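Review bot: The stderr message added in GetVolume (pkg/dev/convert.go, `@@ -222`) drops `err`, so a user whose volume was skipped cannot tell a permission problem from a missing path, and the format string has no trailing newline, so consecutive messages run together. I would write `_, _ = fmt.Fprintf(os.Stderr, "Can not download volume %s path %s: %v, ignore...\n", volumeMount.Name, volumeMount.MountPath, err)`. The container then starts without that mount, which matters if the volume held configuration or credentials the workload expects, so the message should be hard to miss. The surrounding loop and the rest of GetVolume are outside the hunk.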
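Review bot: The added `config.config.Cmd = []string{}` in fillOptions (pkg/dev/option.go) has no comment explaining why overriding the entrypoint must also clear Cmd. A one-line comment above it, such as `// a custom entrypoint must not inherit the original container args`, would record the intent (wording to be confirmed by the author). Whether a command the user supplied explicitly is applied after this line cannot be seen from the hunk; if it is set earlier, it would be wiped here.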
diff --git a/pkg/util/cp/cp.go b/pkg/util/cp/cp.go
index 9af403bf..c3ae875f 100644
--- a/pkg/util/cp/cp.go
+++ b/pkg/util/cp/cp.go
@@ -209,7 +209,7 @@ func (t *TarPipe) initReadFrom(n uint64) {
 go func() {
 defer t.outStream.Close()
- cmdutil.CheckErr(t.o.execute(options))
+ t.o.execute(options)
 }()
 }
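Review bot: The error returned by `t.o.execute(options)` in initReadFrom (pkg/util/cp/cp.go) is now silently discarded, and the deferred `Close()` ends the stream as though it had completed, so the reading side may accept a truncated tar as a successful copy. If `outStream` is the `*io.PipeWriter` half of an `io.Pipe` (its declaration is outside the hunk), the failure can be passed to the reader instead: `if err := t.o.execute(options); err != nil { _ = t.outStream.CloseWithError(err) }`. Combined with the `continue` added in GetVolume, a failed volume download can otherwise pass with little or no trace.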